The Internet Corporation for Assigned Names and Numbers (ICANN) has issued advice to IT professionals worldwide on how to proactively identify and manage private name space leakage into the public domain name system (DNS).
Issued today, the advisory report serves to eliminate the causes of name collisions as new top-level domains (TLDs) are added to the DNS. In the statement, titled "Name collision identification and mitigation for IT professionals", ICANN explains the nature and causes of name collision and proposes a range of possible solutions.
"Domain name collisions are not new," says ICANN, "however the report addresses some concerns that a number of applied-for new TLDs may be identical to names used in private name spaces."
The report explains how DNS queries leak into the global DNS from private name spaces and how these leaks can have unintended consequences. It also shows that private networks will consistently, stably, and reliably perform name resolution when they use fully qualified domain names (FQDNs) and resolve them from the global DNS, and proposes methods to migrate to FQDNs.
ICANN advice
Paul Mockapetris, global domains division security advisor, says: "While it appears that name collisions won't affect significant numbers of corporate network operators or Internet users, ICANN considers it essential that it does everything possible to minimise potential impact and offer clear advice on dealing with the issue."
The report recommends every organisation that is not already using FQDNs from the public DNS should consider the following strategy:
Monitor name services, compile a list of private TLDs or short unqualified names you use internally, and compare the list you create against the list of new TLD strings.
- Formulate a plan to mitigate causes of leakage.
- Prepare users for the impending change in name usage by notifying them in advance or providing training.
- Implement your plan to mitigate the potential collision.
ICANN says the said advice is the result of several months of work by its staff, subject matter experts, the ICANN executive team and the board of directors.
"The report we've issued today offers IT professionals, whether they work in large organisations or small companies, comprehensive advice and suggested remedies that can be simple to implement," says Dave Piscitello, vice president of security and ICT coordination.
"While other interim or makeshift solutions may exist, migration using FQDNs has lasting value - once you've done this, you are good to go for now and future new TLD delegations."
The report, along with additional information and resources, can be found on ICANN's Web site.
Share